Friday, February 27, 2004

Ernest Miller likes most of the EFF solution to the P2P file sharing problem.

"A Significant Problem: Using Any Software Won't Cut It

Why? Free riders. If people are permitted to freely share files on existing P2P systems, there goes any chance you have of limiting free riding.

Under EFF's proposed system, say I go ahead and get a license. For $5/month I can fileshare with impunity, that is, I can upload songs all day long. The free riders in this system will be the people downloading the songs from me. How do you enforce against downloaders? You can't, at least without draconian technical and legal enforcement mechanisms which I am sure the EFF would rightfully oppose.

What will happen under EFF's system is that a significant number of people will sign up for the system, say 10-20% of the filesharing population (if you are lucky). At this point, you stop getting subscriptions, because the free riders can get all the music they want for free, without fear of legal sanction. Sure, you might have some foolish people who both download and upload, but not many and all you'll do is turn them into legitimate uploaders for a small fee/fine. Suddenly, your $3 Billion/year is only $600 Million or $300 Million. Additionally many fee-paying subscribers will feel like suckers for paying"

He has a solution though - compulsory licenses.

"Compulsory licenses avoid this problem by forcing everyone to pay, regardless. This comes at the expense of heavily involving government, which should be a last ditch solution."
The UK government have published a discussion paper in response to the Newton Report which recommended that the Part 4 powers in the 2001 Anti-Terrorism Crime and Security Act, which allow indefinite detention of foreign terrorist suspects, should be replaced with new legislation. Lord Newton recommended new powers to apply to British as well as foreign nationals, to avoid having to opt out of a part of the European Convention on Human Rights. I doubt most people will be interested in purusing the full 123 pages but it would really be worthwhile for you to read the main principles and conclusions on pages 8 and 9 of the Newton report. The principles state that the report recognises that the individual has the right to liberty and privacy and that the authorities have a duty to take the necessary steps to protect society from terrorism. It explicitly recognises the need for special counter terrorism legislation but says it should be kept distinct from mainstream criminal law and limited to dealing with terrorism. And it implicitly criticises the David Blunkett approach of introducing emergency legislation supposedly to deal with terrorism but having the provisions so broadly drafted that they apply to petty crime. "The enactment of mainstream legislation using emergency procedures undermines the consensus for the use of such procedures in justifiable cases." Our Home Secretary won't have liked that. At the other end of the scale pure libertarians won't be overly enamoured with "the blanket ban on the use of intercepted communications as evidence in court should be lifted to make it possible to prosecute more terrorists (and other serious criminals) and the government should examine the scope for more intensive use of surveillance to prevent and disrupt terrorism."

All very topical this week in the light of the dropping of the prosecution of Katharine Gun and Claire Short's attempts to take revenge on Tony Blair with allegations of illicit spying on the UN.
According to the Independent, the general angst about electronic voting is spreading in Ireland.

Taoiseach Bertie Ahern is dismissive of concerns and determined that an auditable paper trail will not be built into the system.

"We are not going to go back to pushing pieces of paper around the place," he said, accusing a critic of wanting "to keep old ways, old things, the old nonsensical past".

I guess he means that "old nonsensical past" where the election system was transparent, had impeccable integrity, it was simple to vote (mark the ballot paper and stick it in the box) and had a clear audit trail so that any anomalies could be reviewed openly. But it was, of course, terrible that it might take a few days to get the final results.

The new system will provide instant results (yahoo! - I use the word in its original sense prior to the Internet age) and a windfall for voting machine manufacturers all for 40m Euros(£26m). But no transparency, no simplicity, no audit trail, no confidence, no integrity...

Governments get five years if they win the election. Is democracy not worth a few days to make sure the results of the election are accurate? In the words of Milton Friedman in the Eldred amicus brief, this one is a complete "no brainer" for me. This ubiquitous Boys-Own blind faith of computing ignoramuses, like certain decision makers, in the ability of computers to automatically and magically make things better, regardless of the overall objective or the suitability of the tools (computers) to the task or [critically] the way in which those tools are deployed, drives me nuts on a daily basis in my own day job. That it is happening in so important a context of the integrity of our democracies is worrying in the extreme. Mr Ahern should not knock paper. It is still the best available technology for voting (imho).

Thursday, February 26, 2004

Greplaw have done an interview with Jessica Litman. Lovely quote about Jessica thinking of herself as an older sister to Harry and I hadn't previously come across her Breakfast with Batman paper.
The Association of Chief Police Officers in the UK have accused the Information Commissioner of putting children at risk for ordering the "destruction of valuable criminal intelligence."

"In one case, in July 2003, the commissioner demanded that South Yorkshire police delete from a woman's record a juvenile conviction for actual bodily harm dating from 1979...

In September 2003 a similar request was made of West Yorkshire police over a man who wanted juvenile convictions that carried a three-month custodial sentence to be "weeded out" of his record.

In a case with echoes of Huntley, the commissioner asked an unnamed police force to delete intelligence relating to allegations that a man sexually assaulted young males in 1991 and 1998."

The notion that a juvenille conviction from 1979 (25 years ago) should be held against someone is a bit excessive. What about the juvenille conviction leading to a custodial sentence or someone with serious allegations stemming from 1998? It's difficult to say without more specifics of the individual cases. What's certain is that the police have a very difficult job but they do need to recognise that the Information Commissioner does too. Very often an organisation's interpretation of the Data Protection Act bears little relationship to the actual requirements of the act. There is a judgement call to be made on the merits of individual cases and the perception on where the dividing line should fall will vary depending on the values and objectives of the institution or the indivual. ACPO and the Information Commissioner, if the story is to be believed, have different perspectives on the boundaries.
There's a nice quote from Jonathan Zittrain in a New York Times article on the "Grey Album" (a re-mix of some Beatles tracks with some recent rap music) dispute:

"As a matter of pure legal doctrine, the Grey Tuesday protest is breaking the law, end of story. But copyright law was written with a particular form of industry in mind. The flourishing of information technology gives amateurs and home-recording artists powerful tools to build and share interesting, transformative, and socially valuable art drawn from pieces of popular culture. There's no place to plug such an important cultural sea change into the current legal regime."

Statewatch Editor Tony Bunyan is none too pleased at the EU plans to introduce biometric passports.

"For EU citizens getting a passport is quite straightforward, you fill in the form, get your picture taken in a photo booth and simply post both to the passport office. This simple process is about to change: to get a passport you will have to present yourself to an "enrolment centre" where a special picture will be taken of you and then you will have to have your fingerprints taken. These will then be held on a European database with personal data."

The political decision to introduce compulsory biometric identifiers, first on visas and residence permits and then on passports, was taken at two Informal meetings of Justice and Home Affairs Ministers (in February 2002 and then in March 2003). The Commission argued for a so-called "coherent approach" for "all travel documents, including the passports of EU citizens". These decisions were not reported at the time. It was the European Councils (the meeting of EU prime ministers) at Thessaloniki in June 2003 and later in Brussels on 12 December 2003 who formally endorsed the proposal. A secondary reason for bringing in biometrics on EU passports, the Commission argues, is that the USA is demanding them on passports too.

The legal basis for the proposal is highly dubious, see: Commission’s EU biometric passport proposal exceeds the EC’s powers, Statewatch legal analysis concludes that: "no powers conferred upon the EC by the EC Treaty, taken separately or together, confer upon the EC the power to adopt the proposed Regulation"

The ignorance in the making of these decisions about biometric identity as a surrogate for security continues to be staggering and it would be laughable if it wasn't so serious. I could mutter 'security is a trade off ' and 'biometrics may be unique (mostly) but they're not secret' and 'identity is no gaurantee of security' and 'statistically the bigger the biometric database the bigger the error rate' and 'false positives' and 'false negatives' and 'information overload' and 'well resourced clever human intelligence' and ''security is only as strong as the weakest link', but there's not much chance of getting heard by the 'war on terrorism' gang. And the sad thing is that I don't even know that much about security but even I can see the sense of people who really do know about it like Bruce Schneier. What kind of a world our our children going to grow up into?

Tuesday, February 24, 2004

321 Studios have lost their DMCA battle against the movie industry.

"Judge Susan Illston ruled Friday in San Francisco that software made by
Chesterfield, Mo.-based 321 Studios violates the 1998 Digital Millennium
Copyright Act, which prohibits the circumvention of anti-piracy measures such
as the Content Scramble System protecting movies on DVDs.

The judge ordered the company to cease making or distributing such software
within seven days of her order."

The company has said they will appeal.

Monday, February 23, 2004

Michael Froomkin recalled some advice from his grandmother recently in reflecting on the Bush administration's response to the atrocities of 9/11 and Siva Vaidhyanathan's confession of self-censorship when going through airport security at Newark.